Message from blumentarzan Most recent post: 10/28/2007 2 authors and 4 replies. I'm trying to access website which needs a client certificate that is on a smartcard. Was able to get the certificate from the smartcard as JAVA.security.cert.Certificate object. Also was successful in connecting the website via SSL without certificate. Found in the forum, that I should try to store the certificate object in a new TrustStore and do the SSL connection with that TrustStore: http://forum.JAVA.sun.com/thread.jspa?forumID=2&threadID=5118972 The communication with the smartcard reader works fine. The sample code from sun to sign some data with the client certificate works. Would be great if someone could help me! Thanks Adrian My Code: import JAVA.io.BufferedReader; import JAVA.io.BufferedWriter; import JAVA.io.File; import JAVA.io.FileInputStream; import JAVA.io.InputStream; import JAVA.io.InputStreamReader; import JAVA.io.OutputStreamWriter; import JAVA.io.PrintWriter; import JAVA.security.KeyStore; import JAVA.security.*; import JAVA.security.cert.*; import JAVA.security.cert.Certificate; import JAVA.util.Enumeration; import JAVAx.net.ssl.*; public class SSLSocketClientWithClientAuth { public static void main(String[] args) throws Exception { String host = "www.testpage.com"; int port = 443; String path = "/login.html"; //get certificate from smartcard String alias = "Firstname Lastname"; KeyStore scks = KeyStore.getInstance("Windows-MY"); scks.load(null, null); Certificate cert = read more about SSL with Client Certificate on SmartCard
Message from simapatel78 Most recent post: 10/28/2007 2 authors and 2 replies. Anyone has an idea how to implement verisign security in J2EE enterprise application? Following is the case. We are using encryption and decryption of messages between two J2EE based applications with "DES" algorithm using JAVAx.crypto package. we are using websphere application server. if I have to use verisign security what'd be the steps? I am just new to this security. Help would be appreciated. read more about Verisign Security
Message from kester83 Most recent post: 10/16/2007 2 authors and 5 replies. hi problem1: below is a JAVA file that I have and after applying a security check on the return reference, I have this security risk involved :"The method returns the reference Object type directly." the suggested solution was to "Return a copy of the reference Object." Can any one help me to see what I can do to remove this secutiry risk? public class InventoryList{ public static InventoryList merge(InventoryList a, InventoryList b){ if (a == null){ return b;} else if (b == null){ return a; } else { InventoryList c = new InventoryList(); c.count = a.count + b.count; c.head = a.head; c.tail = b.tail; a.tail.next = b.head; return c; } } } problem 2: i have been told to do work on the security check for "buffers overflow". the only example I was given is below int data[] = new data[10]; data[10] = 100; can anyone explain to me how this checking of buffers overflow works and perhaps and example to how it can be solved? will really appreciate any help I can get :) read more about some security issues...
Message from elh.maayan Most recent post: 10/3/2007 2 authors and 2 replies. hi alll.. i'm a newb in JCA and i have been reading about Signature class and how to verify the message authenticty using update/verify pair methods. one thing i do not undestand is how do I get the actuall message from the signature class once I verified it? read more about getting the content of Signature in JCA
Message from epilot2006 Most recent post: 10/3/2007 2 authors and 2 replies. Hello, I am developing a simple class to encrypt/decrypt passwords for storage in a configuration file (XML based). Currently, the key for the cryptography is stored as a static byte[] in my cryptograpy class. I imagine that this isn't very secure, for when I compile it, I can easily decompile it to retrieve the key. What is the standard method for storing a symmetric key in this sort of instance? A single applet is used to store and retrieve the key from the configuration file. Thank you! James read more about Cryptography Key Storage question
Message from naveen Most recent post: 9/7/2007 4 authors and 5 replies. Hi friends, My requirement is how to convet a decimal number of length 19(19 digit number) in to base 64. the number may be Example : -123 or -123.455 or 123 or 123.345 Like that.If any one know iv JAVA API (application programming interface)or how to do that,please send your valueble suggestions to me. Thanks, Naveen read more about how to coonvert decimal number in to base 64 format
Message from k.adamczyk Most recent post: 8/31/2007 2 authors and 4 replies. Hi, I am writting a new application using Eclipse RCP and GlassFish. One of the application's modules is a permissions module that lets the administrator assign rights (permissions) to the users. Then the assigned permissions will have influence on enabling/disabling menu options, buttons etc. I'll be grateful for some advice what technology should I use (JAAS, aspect programming, ...). I do not want to mix the permission-checking code with the application-logic code. Greetings, Chris read more about Application permissions module
Message from merrittr Most recent post: 8/10/2007 2 authors and 2 replies. I do not seem to have this as part of my install (I have keytool etc...) where do I get it from: C:\Program Files\JAVA\jre1.6.0_02\ read more about jarsigner question
Message from David Kerber Most recent post: 5/14/2007 2 authors and 2 replies. I'm trying to implement ACL's in my webapp, and am having trouble applying what I read in the docs and in my googling to my real-life application. Could somebody please point me to a good tutorial or some example code that shows how to set and check the permissions (read only vs read/write, etc) that a given user will have to access a given object?TIA! Dave -- Remove the ns_ from if replying by e-mail (but keep posts in the newsgroups if possible). read more about ACL tutorial or example
Message from zeman Most recent post: 5/10/2007 3 authors and 4 replies. Hi, Does anyone have the source code for the RC2 algorithm written in JAVA? Thanks, Marc read more about RC2 JAVA source code
Message from iszekeell Most recent post: 5/10/2007 3 authors and 8 replies. ok so I'm trying to store a key for late for later use with a password and I can get as far as saving and retrieving it. but can not use it again this is what I have: KeyGenerator kg = KeyGenerator.getInstance("DES"); Key key = kg.generateKey(); Cipher cipher = Cipher.getInstance("DES"); cipher.init(Cipher.ENCRYPT_MODE,key); byte[] encrypted_password = cipher.doFinal(password.getBytes()); JOptionPane.showMessageDialog(null,"Encrypted Password "+ new String(encrypted_password)); String coughtPassword = new String(encrypted_password); cipher.init(Cipher.WRAP_MODE,key); byte[] keyAsByte = cipher.wrap(key); String keyAsString = new String(keyAsByte); //coughtpassword and keyAsString are save in mySql by a Dao // the piece I have been unable to do is here I want to reconstruct keyAsString into the workable key2 //any suggestions are welcome cipher.init(Cipher.DECRYPT_MODE,key2); byte[] decrypted_password2 = cipher.doFinal(coughtPassword.getBytes()); JOptionPane.showMessageDialog(null,"Decrypted Password "+new String(decrypted_password2)); read more about I want to save a Key in Mysql as String
Message from Muchach Most recent post: 5/10/2007 2 authors and 2 replies. Ok so the question I have been wrestling with is whether or not having a webserver with SSL (HTTPS) secures a JAVA application running on website. I have run into this JSSE and wondering if this needs to be used. The information sent back and forth from client to server needs to be encrypted. read more about Does HTTPS secure JAVA?
Message from Jamie.Osborne1 Most recent post: 5/8/2007 2 authors and 2 replies. Hi, I'm currently trying to configure Tomcat to only allow a user to log in once. If the same user tries to log in when already logged in (from another machine for example) I want to cancel the login request and present an explanation to the user. I'm using the FORM based authentication and have searched the web for a solution to this problem to no avail.Any help'd be much appreciated,Jamie read more about Tomcat - One login only
Message from TQIS Jim Most recent post: 5/1/2007 2 authors and 2 replies. I distribute a signed applet to at least 100 users. Until recently, as long as users agreed to the "confirm trusted applet", there was no problem. As of JAVA SE 6, the users are no longer prompted about the Trusted Applet. The applet simply throws the following error: JAVA.security.AccessControlException: access denied (JAVA.awt.AWTPermission accessClipboard) I tried configuring my JAVA.policy file in order to tackle this problem. 1. I can fix the problem by adding permissions to the default grant declaration in my local JAVA.policy file 2. Neither the signedBy or codeBase qualifiers seem to work in my grant declarations 3. My users won't be very happy if they have to manually edit this config file in order to use our application. In the course of my searches, I found many effusive discussions by Sun engineers about this architecture, but no practical approach on how to proceed. Has anyone successfully deployed an applet that manages these security restrictions or is Sun finally killing the JAVA applet? -Jim read more about Applet Security
Message from stilllearning Most recent post: 4/12/2007 2 authors and 3 replies. I have a certificate signing request file and a signed certificate response from Verisign. I also have the passwords. Can someone show me how to create a keytool keystore with my key in it? read more about Lost keystore but have cert signing request and response
Message from Eric Smith Most recent post: 3/26/2007 4 authors and 9 replies. I have got a JAVA applet that talks to a back-end server. The applet has a "Start" button that causes it to establish the connection. The back-end server isn't the web server that the HTML web page containing the applet comes from, so the applet JAR file is stored on the back-end server, and the HTML code references the JAR file by an absolute URL with that back-end server as the host. That works fine. Now we want to replace the GUI presented by the applet with one implemented in JAVAscript. The applet itself becomes faceless (applet tag has width=0 and height=0). The JAVAScript calls a method in the applet to do what the "Start" button did before. That works fine, *if* the web page and applet are on the same server. It fails if they aren't. I spent some time trying to figure out why. As near as I can tell, the problem is that when the JAVAScript running in the browser makes a method call into the applet, even though it is calling the same method the Start button did, it is calling it from a different thread. The Start button is called in a thread that toString reports as "Thread[AWT-EventQueue-4,4,<html-page-url>/-threadGroup]". The method called by JAVAscript is in a thread that toString reports as "Thread[Thread-2,5,main]". Are there really different security policies in place in the applet based on which thread is running? Thanks! Eric read more about interesting applet security problem
Message from hunkgym Most recent post: 3/15/2007 2 authors and 2 replies. Good Day! Would be appreciate to know any suggestion on the following coding problem: Originally, I've a JAVA application. Now, I've developed a JAVA login form which is name as Login.JAVA Would be appreciate to know how to compose the code to link to the JAVA application after the user successful login. Both JAVA source files (including the JAVA application) are stored at http://tech.groups.yahoo.com/group/JAVAlogin/ Please refer the source file and suggest. Thanks for any HELP! Danke! read more about Connect to JAVA application from JAVA login form
Message from zhuo_sung Most recent post: 3/9/2007 2 authors and 2 replies. Hi everybody, I cannot find the JAVAx.net.ssl.SSLEngineResult.HandshakeStatus nor the JAVAx. net.ssl.SSLEngineResult.Status classes even though they are supposedly included in the j2se1.5.0 . Any help will be greatly appreciated Thanks read more about cannot find the JAVAx.net.ssl.SSLEngineResult.HandshakeStatus class
Message from sachin.dufare Most recent post: 2/20/2007 2 authors and 2 replies. HI, I just wanted to know how JAAS is useful in authorization with LDAP. What are permisssion you can provide while authorizating with LDAP and how? Any sample code on LDAP authorization using JAAS will be helpful? Regards, Sachin read more about HELP- Authorization in LDAP using JAAS
Message from svatti Most recent post: 2/19/2007 3 authors and 10 replies. Hi All I am getting the following message when run my application Caused by: JAVAx.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at com.sun.net.ssl.internal.ssl.InputRecord.b(Unknown Source) at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source) at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(Unknown Source) at sun.nio.cs.StreamDecoder$CharsetSD.implRead(Unknown Source) at sun.nio.cs.StreamDecoder.read(Unknown Source) at JAVA.io.InputStreamReader.read(Unknown Source) at JAVA.io.BufferedReader.fill(Unknown Source) at JAVA.io.BufferedReader.readLine(Unknown Source) at JAVA.io.BufferedReader.readLine(Unknown Source) Let me give a brief overview of my application. This is a FTPS (NOT SFTP) client connecting to the FTP server on port 990. I am trying to connect to the server download the server certificate and then load it dynamically in the trustmanager and then do the normal FTP operations. The application connects fine for downloading the ceritificate, logging in and getting the initial working directory details. Thereon any operation throws me this error. Any ideas are welcome. Thanks in advance SV read more about SSLException: Unrecognized SSL message, plaintext connection?
Message from austin_mama Most recent post: 2/14/2007 3 authors and 3 replies. Hi, I am trying to encrypt/decrypt using SunJCE Provider, but not able to use RC2 algorithm. Can any one please confirm if SUN JCE provider doesn't implement RC2 ? Can you suggest any other provider if sun doesn't? Thanks Austin read more about Need help of providers for RC2 encrypt/decrypt
Message from zets Most recent post: 2/12/2007 2 authors and 3 replies. I'm wondering what is the best to do the following: I'd like to extend the standard role based access control check which is done by JAAS (based on the role needed to run the method and the role the user has), with a test that will check if the user is allowed to run the method on the given params. What I've in mind is something like this: for each EJB I'll have permission class (possibly most of them will share the same), and an interceptor that'd call something like SecurityManager (or AccessController) checkPermission. I'm missing quite a lot of the picture though. Not enough that I'm not sure this is the right thing, I'm also not sure on the details of how to do it. For example, how would I map Permission class to a method in an EJB? Has anyone done this kinda thing? any recommendation on the right way? Thanks. read more about Standard extension of JAAS for instance based authorization?
Message from hacka Most recent post: 2/11/2007 2 authors and 2 replies. Hello, I need to implement a simple login / password authentication for my client-server application, preferably some kind of challenge-response protocol. I'd like to use an existing solution (SASL + CRAM-MD5?), but I am a bit overwhelmed by all the API's (SASL, JAAS etc.) and really I need something simple. What'd you recommend? Regards, Mike. read more about Simple remote authentication
Message from Andrey Most recent post: 2/1/2007 2 authors and 2 replies. Hello, We are having trouble sending webservices requests from our client application to an existing server over SSL. We recently upgraded our WAS to 6.0.x, but the webservice provider's server is still running 5.1.x. Ever since we upgraded, we have not been able to invoke the webservice. Initially, we got this SOAP response from the server: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/ envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http:// www.w3.org/2001/XMLSchema-instance"> <soapenv:Header/> <soapenv:Body> <soapenv:Fault> <faultcode>soapenv:Server.generalException</faultcode> <faultstring><![CDATA[WSWS3713E: Connection to the remote host host.host.com failed.Received the following error: Handshake terminated SSL engine: CLOSED]]> </faultstring> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> We opened a ticket with IBM, and they told us that secure webservices calls do not work between WAS 6 and WAS 5.1. However, from reading documentation, I understand that this only applies if you use WS-I protocol. We do not use that, we simply use the SOAPConnection API, and send it over SSL. So from my understanding, this should work even between 6.0 and 5.1, after all SSL is a standard, it shoul read more about Problem sending secure web services request from WAS 6 to WAS 5.1
Message from ashokabhat Most recent post: 1/18/2007 3 authors and 3 replies. i am trying to switch from http to https I have uncommented the SSl HTTP/1.1 connector but I am getting an errorDec 11, 2006 10:50:03 AM org.apache.coyote.http11.Http11BaseProtocol init SEVERE: Error initializing socket factory JAVA.lang.ClassNotFoundException: can not find any SSL implementation at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplement ation.JAVA:57) at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplement ation.JAVA:63) at org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11 BaseProtocol.JAVA:729) at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.j ava:120) at org.apache.catalina.connector.Connector.initialize(Connector.JAVA:101 6)Dec 11, 2006 10:50:03 AM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler initialization failed: JAVA.lang.ClassNotF oundException: can not find any SSL implementation at org.apache.catalina.connector.Connector.initialize(Connector.JAVA:101 8) at org.apache.catalina.core.StandardService.initialize(StandardService.j ava:580) at org.apache.catalina.core.StandardServer.initialize(StandardServer.jav a:791) at org.apache.catalina.startup.Catalina.load(Catalina.JAVA:503) at org.apache.catalina.startup.Catalina.load(Catalina.JAVA:523)i use apache 5.5.17 and jdk1.4 please help me..hav been stuck fo read more about https not working
Message from pauljlucas.removethis Most recent post: 1/15/2007 2 authors and 7 replies. I've a double-clickable application (for both Windows and Mac OS X) written in JAVA (stored in jar files) that uses a native launcher written in C to start a JVM and run a particular class's main() contained in one of the jar files. I want to sign the jar files at build-time and later verify them at run-time to ensure they have not been altered. I want to do the verification as part of the launcher written in C because somebody could still modify the jar files and either leave them unsigned or resign them with his own self-signed certificate. I have done a lot of Google searches and I have not been able to find any information on doing what I want. (I only find stuff on signing applets and verifying jar files with the jarsigner command-line tool.) Can I do what I want and, if so, how? - Paul read more about Verifying signed jar files from C
Message from Ramu Most recent post: 1/4/2007 2 authors and 2 replies. Hi All, 1) I want to print my html page from applet.If I run my applet from browser then my applet should be sigened but I am running my applet from appletviewer then also I am getting exception Exception in thread "AWT-EventQueue-1" JAVA.lang.NullPointerException at PrinterApplet.prep(PrinterApplet.JAVA:80) at PrinterApplet.print(PrinterApplet.JAVA:102) at PrinterApplet$1.actionPerformed(PrinterApplet.JAVA:55) at JAVAx.swing.AbstractButton.fireActionPerformed(AbstractButton.JAVA:18 49) at JAVAx.swing.AbstractButton$Handler.actionPerformed(AbstractButton.jav a:2169) at JAVAx.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel .JAVA:420) at JAVAx.swing.DefaultButtonModel.setPressed(DefaultButtonModel.JAVA:258 ) and I think my applet need not be signed for the page from which it is loaded. 2) how can I send my html content to the applet for printing.anybody suggest me any examples or suggestions in this issue. thanks in advance. read more about Applet printing exception
Message from JMecc Most recent post: 1/4/2007 3 authors and 9 replies. I am trying to encrypt a stream that I am sending from a port on one machine to another machine (both sides using JAVA classes). The standard writing across ports works: Server: serverSocket = new ServerSocket(port); Socket sock = serverSocket.accept(); PrintWriter out = new PrintWriter(sock.getOutputStream(), true); out.println("message"); Client: Socket sock = new Socket(server, port); BufferedReader in = new BufferedReader(new InputStreamReader(sock.getInputStream())); String success = in.readLine();I am trying to RSA encrypt this stream by using the CipherInputStream & CipherOutputStream classes: Server: serverSocket = new ServerSocket(port); Socket sock = serverSocket.accept(); CipherOutputStream cos = new CipherOutputStream(socket.getOutputStream(),cyO); PrintWriter out = new PrintWriter(cos, true); out.println("message"); Client: Socket sock = new Socket(server, port); CipherInputStream cis = new CipherInputStream(sock.getInputStream(),cyI); BufferedReader in = new BufferedReader(new InputStreamReader(cis)); String success = in.readLine();I retrieve the public & private keys from files (keys are serializable objects) and then create ciphers: cyI = Cipher.getInstance("RSA"); //Input stream cipher to decrypt cyI.init(Cipher.DECRYPT_MODE, privateKey); cyO = Cipher.getInstance("RSA"); //Output stream cipher to encrypt cyO.init(Cipher.ENCRYPT_MODE, publicKey); the keys were originally created via KeyPairGenerator: KeyPairGenerat read more about JAVA Stream Encryption
Message from sirisha264 Most recent post: 12/11/2006 2 authors and 2 replies. In So many Books they had written String is Un Modifiable. But Once we created string Object we can Replace Content of String.Any One Can Help Me? read more about Sirisha
Message from Lion-O Most recent post: 11/28/2006 3 authors and 8 replies. Sometimes I wonder; do not people /read/ API (application programming interface)docs? I guess not..I'm currently in the process to build a webapplication for online payment and naturally security and encryption will become a major deal for the whole project. Many examples show you how you need to use the "-DJAVAx.net.ssl.trustStore=<keystore file>" JAVA parameter in order to load your JVM with a keystore to trust. Or they simply set the JVM system property 'JAVAx.net.ssl.trustStore' (JAVA.lang.System.setProperty)) to change this value. I do not want that, my goal was to allow a user to dump a plain certificate file (plain ASCII file in PEM format) which is then parsed by the webapplication and used to secure the actual https connection. If the certificate matches all is well, and if not.. etc. Although I can find my way around the API (application programming interface)docs quite well peeking at some examples never hurt and so I came across the 'JAVA Developers Almanac' website (http://JAVAalmanac.com/) featuring free example code. People: BEWARE!! The author seems unable to read the API (application programming interface)docs himself and as such certain code contains nasty bugs who's cause I can only conclude to be plain 'PEBCAK' (Problem Exists Between Chair And Keyboard). Example... When working with https its rather easy to use the 'HttpsURLConnection' class which makes working with https enabled websites a breeze. The only pos read more about Beware! -> (code)bugs in the "JAVA Developers Almanac"
Message from Rajesh Most recent post: 11/24/2006 2 authors and 2 replies. Hi all, How to generate "AES" SecretKey from raw Key bytes (e.g. 0xabcdef......) using JDK 1.5 with "SunJCE". read more about AES key with raw key bytes
Message from PhilBray Most recent post: 11/24/2006 2 authors and 2 replies. Hello, I am current trying to create some code that adds custom extensions to an X509 certificate request using the IAIK.ASN1 classes. The extension I am currently attempting to add is a X.400 address and having looked though the available documentation I see an objects named ORAddress referred to. I cannot however, find any desriptive information on this object type. Does anybody know how to build an ORAddress object? A code example would be very useful. Many thanks in advance, Phil read more about ORAddress Objects
Message from mark Most recent post: 11/24/2006 2 authors and 2 replies. Hello, I'd like to be sure that my app will be run only on specific workstation, so I am thinking now of checking it by comparing system-specific value. Is there something that in JVM? If not, do you know how to get it from the microsoft windows system (I know I'll lose compatibility with other systems, but I just need it). I am looking for something very specific (I was thinking about hostName or IP address but these values are too sensitive to change in one OS). Regards, mark read more about Unique JVM / system_specific number
Message from john.burton Most recent post: 11/24/2006 2 authors and 2 replies. I've a question about using a signed applet. I've a specific solution in mind I will ask about but any other ideas for other approaches'd be welcome of course. I've an applet which provides some information for putting on a web page. It needs to be an applet as it's whole purpose is to obtain some information from the local machine and put it on a web page with other information. The information I need is on files on the user's machines so in order to read them this needs to be a signed applet. Now, this is just a private web page thing for a close group of users who are known to me. They were previously happy running an .exe supplied by me so the security implications of running a signed applet aren't really relevent - they will be happy to do so. But because this is a private thing I do not have any money to spend on it so getting a "real" code siging certificate is out of the question (Unless someone knows where I can get one for much less that the cost that verisign etc charge...) so I'm using a self signed certificate. I do not see this as a problem in itself in any way except that the applet is supposed to blend into the web page and when it's run the dialog saying it's a signed applet, and questioning the signers identity comes up. Fair enough.. I can tell the users to check the certificate and click the accept anyway button. But it destroys the look of the website with a dialog box. I can tell the users to click on the always accept this cert read more about Adding certificate to trusted certificates using an applet?
Message from Hacking Bear Most recent post: 11/16/2006 2 authors and 4 replies. Hi, I've some certificates from SAML metadata XML files and I'll need to use SSL to communicate with the relying party, in order to set up SSL connection, I'd create truststore. However, the standard truststore will require a keystore backed by a file, and so I'll have to import all certificates found in my XML files to a keystore file using the keytool. My desire is to simplify the administration so I can just read and create X509Certificate from my XML file at runtime and use those certificates as the trusts. Method 1: I tried to this: trustStore = KeyStore.getInstance("X509"); trustStore.load(null, pwd.toCharArray()); tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(trustStore); SSLContext sslctx = SSLContext.getInstance("SSL"); sslctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // when I need to do SSL X509Certificate idpCert = ... // find the cert from my cache trustStore.setCertificateEntry(idpURL, idpCert ); conn.setSSLSocketFactory(sslctx.getSocketFactory()); But I still keep getting "JAVAx.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found". What's wrong here? Method 2: I'd attempt to implement my own X509TrustManager class MyX509TrustManager implements X509TrustManager { public void checkServerTrusted(X509Certificate[] x509Certi read more about Dynamically supplying certificates to truststore
Message from Vishal Most recent post: 11/13/2006 2 authors and 2 replies. Hi, I am facing a problem which anyone who has worked on any UDP application might've faced. UDP by itself is unreliable. If packets are lost, no acknowledgements are sent. I've a UDP application which is receiving packets on a standard port. It receives packets asynchronously. At any time any packet can arrive. The problem is that sometimes a number of packets arrive and our UDP socket buffer ( being of finite size ) isn't able to handle them and simply drops the packet. The UDP socket buffer cannot be increased beyond a finite size( dynamically it cannot be increased, it is fixed for an OS) . So a number of packets simply drop with out any intimation to the receiver/sender. I need to have checkpoint ( some kind of intimation ) that the packets are being dropped. I've implemented polling with poll parameter as POLLIN or POLLRDNORM.( I've tried both parameters) Both implementation works that is gives me a poll status implying socket buffer is full. In my test set up I can control the rate at which packets are generated. When the packets are sent at a very high rate and my socket buffer is not able to handle them, polling status tells me that buffer is full. when the rate of sending packets is slow, I get an intimation that buffer space is available. But in some cases ( when the rate of sending packets is slow ), I get a poll status that buffer is full ( which is wrong ). Even though these are corner cases but it made me think.( an read more about UDP packets dropping
Message from nishant80 Most recent post: 11/3/2006 2 authors and 4 replies. Hi, I am using JCE 1.2.2 for one of my applications and got the following error today: Exception in thread "main" JAVA.lang.ExceptionInInitializerError: JAVA.lang.SecurityException: Cannot set up certs for trusted CAsI had got a similar error last year (Jul 2005) when I was using JCE 1.2.1 That time, I had come to know that the JCE 1.2.1 Signing Certificate was supposed to expire on July 27, 2005 (http://JAVA.sun.com/products/jce/index-122.html) Hence, as per the recommendation from JAVA.sun.com, I had upgraded JCE to 1.2.2 which solved the problem. The JCE 1.2.2 FAQ (http://JAVA.sun.com/products/jce/jce122_faq.html) says: "The validation code which checked for certificate expiration was *ONLY* used in JCE 1.2.1. The validity period check *WAS REMOVED* from JCE 1.2.2 and all successive J2SE releases. Hence these JCE versions do not check the expiration date, and won't stop working after the certificate validity period has expired." But to my surprise, today (Oct 23, 2006) I got the same error as last year. I am now clueless as to how this can be fixed. Does JCE 1.2.2 have a BUG? Ideas/Suggestions/Solutions are most welcome. Please advise.Thnx, Nishant read more about JCE 1.2.2 - "Cannot set up certs for trusted CAs"
Message from phil Most recent post: 10/30/2006 2 authors and 2 replies. Folks, Apologies in advance if I'm asking stupid questions here but JAVA is way outside my area of expertise and I really need some help. We provide web-based applications that, in a few cases include a small, signed JAVA applet to allow information to be posted across domains. The applet code is really quite simple (even for me!) but one of our clients is asking us to guarantee that the applet will work across The Mircosoft JVM and Sun JVMs 13., 1.4 and 1.5 - I'm really not sure if we can say this and am trying to avoid having to go through the pain of testing it on all environments. We've signed the applet using jarsigner for Sun (a .jar file) and using signcode for Microsoft (a .cab file) but I'm not sure if this enough to do the trick. Spedific questions: * When did the JAVA Plug-in switch from the JDK 1.1 security model to JDK 2.0 security model? * Will the signed .jar file work in all of these versions of the Sun JVM? * If not, can we ude JAVAScript to determine which version of the pulg-in is being used and then include a different applet tag for each version? I'm really a bit at a loss here so any information at all on how to do all this'd be greatly appreciated. Thanks, in advance for your help, Phil (JAVA newbie!) read more about Signed Applets and different JVMs
Message from mcclintoc Most recent post: 10/25/2006 4 authors and 4 replies. Hello @xxxxxxxxxxx all, I'm writing a framework for certificate-based authorization. As far as the "workflow" is concerned the client connected to a Certificate-Server via RMI over a SSL-secured connection. This connection is secured via a machine-cert. Among other things I retrieve a keystore-Object from the Certificate-Server containing the Certificates for the User. Currently I'm specifying the keystore and truststore for the machine-cert via System.setProperty("JAVAx.net.ssl.[trustStore,keyStore]",<file>) But after retrieving the user keystore any further communication has to be based upon the new keystore. My question is now how to change the keyStore/trustStore used for SSL-based communication at runtime? I dug deep into the web but have not found anything helpful. Maybe someone can throw me a bone, please?A lot of thanks in advance, Steven McClintoc read more about change keyStore and trustStore in SSL Communication